SecurityConfig

Pragya Keshap answered on February 28, 2023 Popularity 5/10 Helpfulness 4/10

answer SecurityConfig

SecurityConfig

Comment

Tip Pragya Keshap 1 GREPCC

Security Configuration is the main entry point of the application to manage API security and check which API we have to allow and which API we have to restrict.

@EnableWebFluxSecurity
public class SecurityConfig {
    private static final String[] WHITELISTED_AUTH_URLS = {
            "/auth/v1/signup","/auth/v1/login", "/webjars/**", "/v3/api-docs/**",
    };

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private SecurityContextRepository securityContextRepository;

    @Bean
    public SecurityWebFilterChain securityWebFilterChain(
            ServerHttpSecurity http) {
         return http
                .exceptionHandling()
                .authenticationEntryPoint((shs, e) -> Mono.fromRunnable(() -> {
                    shs.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
                })).accessDeniedHandler((shs, e) -> Mono.fromRunnable(() -> {
                     shs.getResponse().setStatusCode(HttpStatus.FORBIDDEN);
                })).and()
                .csrf().disable()
                .formLogin().disable()
                .authenticationManager(authenticationManager)
                .securityContextRepository(securityContextRepository)
                .authorizeExchange()
                .pathMatchers(HttpMethod.OPTIONS).permitAll()
                .pathMatchers(WHITELISTED_AUTH_URLS).permitAll()
                .anyExchange().authenticated()
                .and().build();
    }
}

xxxxxxxxxx

@EnableWebFluxSecurity

public class SecurityConfig {

    private static final String[] WHITELISTED_AUTH_URLS = {

            "/auth/v1/signup","/auth/v1/login", "/webjars/**", "/v3/api-docs/**",

};

    @Autowired

    private AuthenticationManager authenticationManager;

    @Autowired

    private SecurityContextRepository securityContextRepository;

    @Bean

    public SecurityWebFilterChain securityWebFilterChain(

            ServerHttpSecurity http) {

         return http

                .exceptionHandling()

                .authenticationEntryPoint((shs, e) -> Mono.fromRunnable(() -> {

                    shs.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);

                })).accessDeniedHandler((shs, e) -> Mono.fromRunnable(() -> {

                     shs.getResponse().setStatusCode(HttpStatus.FORBIDDEN);

                })).and()

                .csrf().disable()

                .formLogin().disable()

                .authenticationManager(authenticationManager)

                .securityContextRepository(securityContextRepository)

                .authorizeExchange()

                .pathMatchers(HttpMethod.OPTIONS).permitAll()

                .pathMatchers(WHITELISTED_AUTH_URLS).permitAll()

                .anyExchange().authenticated()

                .and().build();

https://medium.com/@BPandey/building-reactive-backend-app-with-spring-boot-webflux-fc6610e4a747

Popularity 5/10 Helpfulness 4/10 Language java

Source: Grepper

Tags: java

Link to this answer
Share Copy Link

Contributed on Feb 28 2023

Pragya Keshap

0 Answers Avg Quality 2/10

SecurityConfig

Contents

More Related Answers

SecurityConfig

Grepper

Documentation

Social

Legal

Contact

Oops, You will need to install Grepper and log-in to perform this action.